diff --git a/include/connection.h b/include/connection.h
index 80a1de1869c4e02f207c15692e83ce5039fede70..7bd14f053ef748dee3a162ba7683f5567581ab8f 100644
--- a/include/connection.h
+++ b/include/connection.h
@@ -75,9 +75,13 @@ public:
 };
 
 class SslCaosDBConnectionConfig : public CaosDBConnectionConfig {
+private:
+  std::shared_ptr<ChannelCredentials> credentials;
+
+public:
   SslCaosDBConnectionConfig(const std::string &host, int port);
   SslCaosDBConnectionConfig(const std::string &host, int port,
-                            std::string cacert);
+                            const std::string &cacert);
 };
 
 /**
diff --git a/src/connection.cpp b/src/connection.cpp
index 87ae07255d0195faa918278ed326685d73a50d5b..42ef66eb551fcc2953b652add80d7a7d6b51527e 100644
--- a/src/connection.cpp
+++ b/src/connection.cpp
@@ -37,6 +37,8 @@ using caosdb::info::v1alpha1::GetVersionInfoRequest;
 using caosdb::info::v1alpha1::GetVersionInfoResponse;
 using caosdb::info::v1alpha1::VersionInfo;
 using grpc::InsecureChannelCredentials;
+using grpc::SslCredentials;
+using grpc::SslCredentialsOptions;
 
 CaosDBConnectionConfig::CaosDBConnectionConfig(const std::string &host,
                                                int port) {
@@ -72,6 +74,21 @@ auto InsecureCaosDBConnectionConfig::getChannelCredentials() const
   return this->credentials;
 }
 
+SslCaosDBConnectionConfig::SslCaosDBConnectionConfig(
+  const std::string &host, int port, const std::string &cacert)
+  : CaosDBConnectionConfig(host, port) {
+  auto options = SslCredentialsOptions();
+  options.pem_root_certs = cacert;
+  this->credentials = SslCredentials(options);
+}
+
+SslCaosDBConnectionConfig::SslCaosDBConnectionConfig(
+  const std::string &host, int port)
+  : CaosDBConnectionConfig(host, port) {
+  auto options = SslCredentialsOptions();
+  this->credentials = SslCredentials(options);
+}
+
 CaosDBConnection::CaosDBConnection(
   const std::shared_ptr<CaosDBConnectionConfig> &config) {
   this->config = config;